using NtApiDotNet; | |
using NtApiDotNet.Ndr.Marshal; | |
using NtApiDotNet.Win32; | |
using NtApiDotNet.Win32.Rpc.Transport; | |
using NtApiDotNet.Win32.Security.Authentication; | |
using NtApiDotNet.Win32.Security.Authentication.Kerberos; | |
using NtApiDotNet.Win32.Security.Authentication.Kerberos.Client; | |
using NtApiDotNet.Win32.Security.Authentication.Kerberos.Server; | |
using NtApiDotNet.Win32.Security.Authentication.Logon; | |
using System; |
var fso = new ActiveXObject("Scripting.FileSystemObject"); | |
var ado = (function() { | |
if (typeof window === "undefined") { | |
return new ActiveXObject("ADODB.Stream"); | |
} else { | |
var _GetObject = (typeof GetObject === "function") ? GetObject : (function() { | |
var script = window.document.createElement("script"); | |
script.setAttribute("language", "VBScript"); | |
script.innerHTML = "Function GetObjectHelper(name)\nSet GetObjectHelper = GetObject(name)\nEnd Function"; | |
window.document.body.appendChild(script); |
#include <windows.h> | |
#include <wchar.h> | |
#define LOAD_LIBRARY_SEARCH_SYSTEM32 (0x00000800) | |
HMODULE loadlibrary_system(const wchar_t* name) | |
{ | |
/* If running on Windows 8 or a system with KB2533623, LoadLibraryEx with | |
LOAD_LIBRARY_SEARCH_SYSTEM32 does the right thing */ | |
if (GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "AddDllDirectory")) |
<TriggerCollection | |
xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
<Triggers> | |
<Trigger> | |
<Guid>Ab8CqzeKQUuKdzTx4tKy7A==</Guid> | |
<Name>Debug</Name> | |
<Events> | |
<Event> | |
<TypeGuid>5f8TBoW4QYm5BvaeKztApw==</TypeGuid> |
// Obtain teams token - you can reuse it for GoMapEnum for example | |
// Author: Juan Manuel Fernandez (@TheXC3LL) | |
const puppeteer = require('puppeteer'); | |
(async () => { | |
console.log("\t\tMS Teams Token Generator - @TheXC3LL\n\n"); | |
const username = process.argv[2]; | |
const password = process.argv[3]; | |
console.log("[*] Using credentials: %s:%s", username, password); |
' Proof of Concept: retrieving SSN for syscalling in VBA | |
' Author: Juan Manuel Fernandez (@TheXC3LL) | |
'Based on: | |
'https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/ | |
'https://www.crummie5.club/freshycalls/ | |
Private Type LARGE_INTEGER |
#Requires -RunAsAdministrator | |
<# | |
.SYNOPSIS | |
Script used to manage state of Microsoft Defender's Attack Surface Reduction rules. | |
Configures all ASR rules into mode defined in -State parameter. | |
.PARAMETER State | |
Tells how to configure all ASR rules available. Valid options: | |
- Disable (Disable the ASR rule) |
public unsafe static bool UnlinkModuleFromPeb(IntPtr hModule) | |
{ | |
if (hModule == IntPtr.Zero) return false; | |
PEB* peb = Get_PEB(); | |
if (peb == null) return false; | |
LIST_ENTRY* CurrentEntry = peb->Ldr->InLoadOrderModuleList.Flink; | |
Debug.Assert(CurrentEntry != null); |
//All credit goes to Ysoserial.net and the great @tiraniddo | |
//Snippets copied from ysoserial.net | |
//https://thewover.github.io/Mixed-Assemblies/ - Great read! | |
//https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui - Another great read | |
using System; | |
using System.Collections.Generic; | |
using System.Runtime.Serialization.Formatters.Binary; | |
using System.IO; | |
using System.Reflection; |
/* | |
* fork.c | |
* Experimental fork() on Windows. Requires NT 6 subsystem or | |
* newer. | |
* | |
* Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org> | |
* | |
* Permission to use, copy, modify, and/or distribute this software for any | |
* purpose with or without fee is hereby granted, provided that the above | |
* copyright notice and this permission notice appear in all copies. |